Mastering Wireshark: A Beginner’s Guide to Network Packet Analysis

Wireshark is one of the most powerful and widely used network protocol analyzers available today. Whether you're a cybersecurity enthusiast, network administrator, or computer science student, learning Wireshark gives you deep visibility into network traffic and communication.

In this guide, we’ll explore the fundamentals of Wireshark, how to analyze packets, apply filters, and navigate large PCAP files effectively.


What is Wireshark?

Wireshark is an open-source network packet analyzer that allows users to capture and inspect network traffic in real time or through saved capture files (PCAP/PCAPNG).

It helps in:

  • Detecting network issues and congestion

  • Identifying suspicious traffic patterns

  • Analyzing protocols such as HTTP, TCP, UDP, DNS, and more

  • Learning how data moves across OSI layers

Important: Wireshark is not an Intrusion Detection System (IDS). It does not block or modify traffic — it only analyzes packets.


Understanding the Wireshark Interface

When you open Wireshark, you’ll notice five major sections:

1. Toolbar

Provides options for capturing, filtering, exporting, and merging files.

2. Display Filter Bar

Used to apply display filters and narrow down specific traffic.

3. Packet List Pane

Shows a summary of captured packets including:

  • Source

  • Destination

  • Protocol

  • Info

4. Packet Details Pane

Displays decoded protocol layers based on the OSI model.

5. Packet Bytes Pane

Shows raw packet data in hexadecimal and ASCII format.


Packet Dissection Explained

Packet dissection breaks each packet down into its protocol layers, which map onto the OSI model:

  • Layer 1 – Frame (capture metadata such as arrival time and frame length)

  • Layer 2 – MAC Addresses (Ethernet source and destination)

  • Layer 3 – IP Addresses (plus header fields such as TTL)

  • Layer 4 – TCP/UDP Ports

  • Application Layer – HTTP, FTP, SMB, etc.

  • Application Data – Actual transferred content

This layered breakdown makes traffic analysis structured and efficient.


Packet Navigation & Investigation Features

Wireshark offers powerful navigation tools:

  • Go to specific packet numbers

  • Find packets using string, hex, or regex

  • Mark packets for investigation

  • Add packet comments

  • Export specific packets

  • Extract transferred files (HTTP, SMB, TFTP, etc.)

  • View Expert Information (Warnings, Errors, Notes)


Display Filtering in Wireshark

Filtering is essential when working with large capture files.

Filter by Protocol

http

Filter by Port

tcp.port == 80

Filter by IP

ip.addr == 192.168.1.2

Conversation Filters

Shows all packets exchanged between a pair of endpoints, at the Ethernet, IPv4/IPv6, or TCP/UDP level.

Follow Stream

Reconstructs application-level traffic (e.g., full HTTP session).
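As an added, self-contained example (not part of the original guide, the TryHackMe room, or Wireshark itself), the Python script below dissects constructed Ethernet/IPv4/TCP frames into the layers listed under Packet Dissection, then evaluates the display filters shown above (http, tcp.port == 80, ip.addr == 192.168.1.2, joined with && or ||) and performs a simplified Follow Stream over one TCP conversation. Every MAC address, IP address, port, and payload is a sample value constructed for the example; the filter evaluator implements only a small subset of Wireshark's syntax, and the stream follower concatenates payloads in capture order without sequence-number reassembly.

```python
"""Added example: minimal Ethernet/IPv4/TCP dissector, display-filter
evaluator and stream follower. All frames and addresses are constructed."""
import struct
from dataclasses import dataclass, field


@dataclass
class Packet:
    number: int                                  # position in the capture, like Wireshark's "No." column
    layers: list = field(default_factory=list)   # protocol layers found, bottom-up
    src_mac: str = ""
    dst_mac: str = ""
    src_ip: str = ""
    dst_ip: str = ""
    ttl: int = 0
    src_port: int = 0
    dst_port: int = 0
    payload: bytes = b""                         # application data carried by the segment


def _ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload, ttl=64):
    """Construct an Ethernet II / IPv4 / TCP frame (checksums left zero; sample data only)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ip + tcp


def dissect(number, frame):
    """Peel one frame layer by layer, in the order the Packet Details pane shows them."""
    pkt = Packet(number, ["eth"], _mac_str(frame[6:12]), _mac_str(frame[0:6]))
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:                      # only IPv4 is decoded here
        return pkt
    ihl = (frame[14] & 0x0F) * 4
    pkt.layers.append("ip")
    pkt.ttl, proto = frame[22], frame[23]
    pkt.src_ip = ".".join(map(str, frame[26:30]))
    pkt.dst_ip = ".".join(map(str, frame[30:34]))
    l4 = frame[14 + ihl:]
    if proto == 6:                               # TCP
        pkt.layers.append("tcp")
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[:4])
        pkt.payload = l4[(l4[12] >> 4) * 4:]
        # Heuristic mirroring port-based dissector selection: port 80 carrying data is HTTP
        if 80 in (pkt.src_port, pkt.dst_port) and pkt.payload:
            pkt.layers.append("http")
    return pkt


def _match_atom(pkt, atom):
    """One filter atom: a bare protocol name, or 'field == value'."""
    atom = atom.strip()
    if "==" not in atom:
        return atom in pkt.layers
    name, value = (s.strip() for s in atom.split("==", 1))
    has_tcp = "tcp" in pkt.layers
    fields = {
        "ip.addr": {pkt.src_ip, pkt.dst_ip}, "ip.src": {pkt.src_ip}, "ip.dst": {pkt.dst_ip},
        "ip.ttl": {str(pkt.ttl)},
        "tcp.port": {str(pkt.src_port), str(pkt.dst_port)} if has_tcp else set(),
        "tcp.srcport": {str(pkt.src_port)} if has_tcp else set(),
        "tcp.dstport": {str(pkt.dst_port)} if has_tcp else set(),
    }
    if name not in fields:
        raise ValueError(f"unsupported filter field: {name}")
    return value in fields[name]


def apply_filter(packets, expr):
    """Evaluate atoms joined by && and || (&& binds tighter; no parentheses supported)."""
    return [p for p in packets
            if any(all(_match_atom(p, a) for a in term.split("&&")) for term in expr.split("||"))]


def follow_tcp_stream(packets, pkt):
    """Concatenate both directions of pkt's TCP conversation in capture order (no seq reassembly)."""
    def ends(p):
        return frozenset({(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)})
    return b"".join(p.payload for p in packets if "tcp" in p.layers and ends(p) == ends(pkt))


# Constructed three-packet capture: an HTTP request/response pair and an empty segment to port 22.
CLIENT_MAC, SERVER_MAC = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
CLIENT, WEB, SSH = "192.168.1.2", "10.0.0.80", "10.0.0.22"
SAMPLE_CAPTURE = [
    build_frame(CLIENT_MAC, SERVER_MAC, CLIENT, WEB, 51000, 80, b"GET /index.html HTTP/1.1\r\nHost: web\r\n\r\n"),
    build_frame(SERVER_MAC, CLIENT_MAC, WEB, CLIENT, 80, 51000, b"HTTP/1.1 200 OK\r\nETag: \"sample\"\r\n\r\n<html></html>", ttl=47),
    build_frame(CLIENT_MAC, SERVER_MAC, CLIENT, SSH, 51001, 22, b""),
]
PACKETS = [dissect(i + 1, f) for i, f in enumerate(SAMPLE_CAPTURE)]

if __name__ == "__main__":
    for expr in ("http", "tcp.port == 80", "ip.addr == 192.168.1.2", "ip.ttl == 47 || tcp.port == 22"):
        print(f"{expr:32} -> packets {[p.number for p in apply_filter(PACKETS, expr)]}")
    print(follow_tcp_stream(PACKETS, PACKETS[0]).decode())
```

Running the script prints which packet numbers each filter selects and the reassembled request/response text. Note that the third packet, an empty segment to port 22, matches tcp but not http, which mirrors how Wireshark's http filter only selects packets actually dissected as HTTP rather than every segment on port 80.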


Exercise Answers (From Exercise.pcapng)

Below are all the verified answers from the Wireshark Basics exercises:


Tool Overview

  • Flag: TryHackMe_Wireshark_Demo

  • Total Packets: 58620

  • SHA256 Hash: f446de335565fb0b0ee5e5a3266703c778b2f3dfad7efeaeccb2da5641a6d6eb


Packet Dissection (Packet 38)

  • Markup Language: eXtensible Markup Language

  • Arrival Date: 05/13/2004

  • TTL Value: 47

  • TCP Payload Size: 424

  • E-Tag Value: 9a01a-4696-7e354b00


Packet Navigation

  • Artist 1 Name: r4w8173

  • MD5 Hash (Packet 12 Comment): 911cd574a42865a956ccde2d04495ebf

  • Alien's Name (.txt file): PACKETMASTER

  • Number of Warnings: 1636


Packet Filtering

  • Filter Query (Packet 4): http

  • Displayed Packets: 1089

  • Total Artists (HTTP Stream): 3

  • Second Artist Name: Blad3


Conclusion

Completing the Wireshark Basics training builds a strong foundation in network traffic analysis. You now understand:

  • How packets move through OSI layers

  • How to apply powerful display filters

  • How to extract files from network traffic

  • How to investigate suspicious events

Wireshark is an essential tool for anyone pursuing cybersecurity, networking, or digital forensics.
